1) Create user "test" with "dbOwner" role on a database
2) Use "test" user to create a role granting the "indexStats" action
3) Use "test" user to grant role from step 2 to "test" user
4) Attempt to use $indexStats on a collection

1) Create user "test" with "dbOwner" role on a database
2) Use "test" user to create a role granting the "indexStats" action
3) Use "test" user to grant role from step 2 to "test" user
4) Attempt to use $indexStats on a collection

A database user with "dbOwner" database privileges is able to grant themselves privileges which include the "indexStats" action in their respective database. These privileges do not allow the user to use the $indexStats aggregation operator.

Can the "indexStats" action be assigned by itself, or must it be coupled with other actions? Ideally, I would like to be able to assign this privilege without offering all the permissions provided in the clusterMonitor role.

Attachments

Issue Links

is documented by

DOCS-9463Docs for SERVER-26734: indexStats action is not sufficient privileges for $indexStats operator